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DETAILED ACTION 

This Office Action is in response to Petition Granted to reinstate application from 
Abandonment on 3-18-1 1 and Amendment filed 12-22-09. Claims 5, 8-9, 19 have been 
cancelled as requested by Applicant. Claims 4, 6-7, 1 0-1 8 are presented for further 
examination. Claim 20 is newly added and presented for initial examination. 

Claim Rejections - 35 USC § 102 

1 . The following is a quotation of the appropriate paragraphs of 35 U.S.C. 1 02 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351 (a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21 (2) 
of such treaty in the English language. 

2. Claim 20 is rejected under 35 U.S.C. 102(e) as being anticipated by Hesselink et 
al. (hereinafter "Hess", US Patent Publication 2003/0191848 A1). 

As per claim 20, Hess discloses a system comprising: 

at least one access server including a virtual private network module configured to 
implement a secure communication channel between a virtual private network module 
resident in a remote computing client and the at least one access server (paragraphs 

[0003, 0009, 0017]), 
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wherein the virtual private network module in the at least one access server is 
configured to: 

receive, from the virtual private network module resident in the remote computing client, 
a public portion of a first encryption data set in a first session set-up message, generate 
a second encryption data set corresponding to the first session set-up message, the 
second encryption data set comprising a public portion and a private portion 

(paragraphs [0063-64, 0069]), 

encrypt the public portion of the second encryption data set with a private key of the at 
least one access server (paragraphs [0056, 0072, 0062]), 

transmit, to the virtual private network module resident in the remote computing client, 
the encrypted public portion of the second encryption data set in a second session set- 
up message (paragraphs [0067, 0070]), and 

if decryption of the encrypted second public portion of the second encryption data set is 
successful, establish a session with the virtual private network module in the remote 
computing client (paragraphs [0076, 0087-88]). 

Claim Rejections - 35 USC § 103 

3. The following is a quotation of 35 U.S.C. 1 03(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 



(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 1 02 of this title, if the differences between the subject matter sought to be patented and 
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the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

4. Claims 4, 6-7, 10-18 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Araujo at al. (hereinafter "Ara", US Patent Publication 2003/0191799 A1) in view of 
Hesselink et al. (hereinafter "Hess", US Patent Publication 2003/0191848 Al). 

As per claim 4, Ara discloses a system to provide remote computing client access to 
resources provided by at least one server in at least one target computing network, 
comprising: 

a point-of-presence node configured to connect to the at least one target computing 
network (paragraphs [0029-0030, 0060-0061], Ara teaches a Virtual Office Server 
(point-of-presence node) connected to a LAN (target computing network); 

at least one Internet Protocol Security concentrator resident in the point of presence 

node (paragraphs [0060-0061 , 0063, 0069], Ara teaches the Virtual Office Server 
having an SSL and firewall/router for providing secure, remote, web-based access); 

at least one access server resident in the point of presence node, wherein the at least 
one access server comprises a virtual private network module configured to implement 
a secure communication channel between the remote computing client and the at least 
one server in the at least one target communication network (paragraphs [0009, 0027, 
0057, 0060-0061], Ara teaches a Virtual Office Server providing the user with a "virtual 
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office". The user is provided a secure, remote connection to various office processing 
applications. The user must provide username and password to logon to virtual office 
capability). 

Ara does not explicitly disclose the newly added limitations. 

However, these limitations are well-known to one of ordinary skill in the art as evidenced 
by Hess as shown below: 

wherein the remote computing client comprises a virtual private network module 
configured to cooperate with the virtual private network module resident in the point of 
presence node (paragraphs [0003, 0009, 0017]), 

wherein the virtual private network module in the remote computing client and the virtual 
private module in the at least one access server are configured to establish an 
encrypted communication channel between a specific application executing; on the 
remote computing client and the point of presence node (paragraphs [0003, 0009, 
0017]), 

wherein the virtual private network module in the remote computing client is configured 
to: 

generate a first encrvption data set comprising a public portion and a private portion 
(paragraphs [0063-64, 0069]), 

transmit the public portion of the first encryption data set to the virtual private network 
module in the at least one access server in a first session set-up message (paragraphs 
[0062-64]), 



Application/Control Number: 10/737,200 Page 6 

Art Unit: 2457 

wherein the virtual private network module in the at least one access server is 
configured to: 

receive the public portion of the first encryption data set in the first session set-up 
message (paragraphs [0063-64]), 

generate a second encrvption data set corresponding to the first session set-up 
message, the second encryption data set comprising a public portion and a private 
(paragraphs [0063-64, 0069]), 

encrypt the public portion of the second encryption data set with a private key ot~ 
the at least one access server (paragraphs [0056, 0072, 0062]), 

transmit the encrypted public portion of the second encryption data set in a second 
session set-up message (paragraphs [0067, 0070]), 

wherein the virtual private network module in the remote computing client further is 
configured to: 

receive the encrypted public portion of the second encryption data set in the second 
session set-up message (paragraphs [0064, 0069]), 

decrypt the encrypted public portion of the second encryption data set (paragraphs 

[0070-72]), 

if decryption is successful, establish a session between the virtual private network 
module in the remote computing client and the virtual private network module in the at 
least one access server (paragraphs [paragraphs [0076, 0087-88]). 
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Therefore, one of ordinary sl^ill in tfie art at tfie time tfie invention was made 
would have found it obvious to implement or incorporate Hess's encryption/decryption of 
public/private portions in Ara's system providing routing platforms wherein users can 
send command data to multiple remote devices of the same type, as well as send 
collaborative data to other users. 

As per claim 6, Ara discloses the system of claim 5, wherein: 

the virtual private network module in the remote computing client communicates with 
the virtual private network module in the at least one access server using a message 
exchange mode (paragraphs [0088-0089]); 

the virtual private network module in the remote computing client receives application 
layer data from at least one application executing on the remote computing client 
(paragraphs [0089, 0096]). 

As per claim 7, Ara discloses the system of claim 6, wherein the virtual private network 
module in the at least one access server is configured to implement a proxy client for at 
least one application executing on the remote computing device (paragraphs [0061 , 
0063, 0100]). 

As per claim 10, Ara discloses the system of claim 5, wherein the remote computing 
device further comprises a reconfiguration system module configured to collect system 
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configuration data relating to the remote computing device, generates a system 
configuration file, and stores the system configuration file In a memory module In the 
remote computing device (paragraphs [0063, 0069]). 

As per claim 1 1 , Ara discloses the system of claim 10, wherein the at least one access 
server comprises: 

a central policy manager module that configured to establlshe configuration policies for 
one or more remote clients that access resources via the virtual private network module 
(paragraphs [0063, 0069]); 

a reconfiguration system module configured to cooperate with the reconfiguration 
system module In the remote computing device to Impose configuration changes on the 
remote computing device (paragraphs [0069]). 

As per claim 12, Ara discloses the system of claim 10, wherein the reconfiguration 
system configured to Implement an atomic reconfiguration process on the remote 
computing device (paragraph [0085]). 
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As per claim 13, Ara discloses the system of claim 5, wherein the remote computing 
device comprises a local proxy module that emulates an HTTP proxy server 
(paragraphs [0129, 0134]). 

As per claim 14, Ara discloses the system of claim 10, wherein the remote computing 
device comprises a client application tunneling module, wherein the client application 
tunneling module configured to extract destination IP addresses and port numbers from 
communication packets and invokes the reconfiguration system module to reconfigure a 
name-to-address mapping for communications between the remote computing device 
and an application executing on a remote server (paragraphs [0076-0077]). 

As per claim 15, Ara discloses the system of claim 5, wherein at least one server in the 
point of presence node further comprises a network address translation module 
configured to perform network address translation on incoming and outgoing packets to 
enable remote access to resources on one or more networks outside the target 
computing network (paragraphs [0030, 0066, 0072]). 

As per claim 16, Ara discloses the system of claim 15, wherein the network address 
translation module is configured to automatically determine a network configuration for 
the at least one target computing network (paragraphs [0072, 0076]). 
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As per claim 17, Ara discloses the system of claim 5, wherein: 

the at least one access server comprises a first network backup module (paragraph 

[0073]); 

the remote computing device comprises a second network backup module (paragraph 
[0093]); 

the first network backup module and the second network backup module configured to 
cooperate to back up and restore one or more files from the remote at least one access 
server (paragraphs [0093, 0097]). 

As per claim 18, Ara discloses the system of claim 17, wherein the first network backup 
module configured to maintain incremental backups of files used by the remote 
computing client (paragraph [0073]). 

Response to Arguments 

5. Applicant's arguments have been considered but are moot in view of the new 
ground(s) of rejection. 
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Conclusion 

6. Applicant's amendment necessitated tine new ground(s) of rejection presented in 

this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP 

§ 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 

CFR 1.136(a). 

A shortened statutory period for reply to this final action Is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1 .136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to BARBARA BURGESS whose telephone number is 
(571)272-3996. The examiner can normally be reached on M-F (8:00am-4:00pm). 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ario Etienne can be reached on (571) 272-4001. The fax phone number for 
the organization where this application or proceeding is assigned is 571-273-8300. 
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Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

/Barbara N Burgess/ Barbara N Burgess 

Examiner, Art Unit 2457 Primary Examiner 

Art Unit 2457 

June 15, 2011 

/Barbara N Burgess/ 

Primary Examiner, Art Unit 2457 



